TCPDump ISAKMP Delete Payload Buffer Overrun Vulnerability
BID:10003
Info
| Bugtraq ID: | 10003 |
| Class: | Unknown |
| CVE: | CVE-2004-0183 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 30 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | Discovery is credited to Rapid7. |
| Vulnerable: | SGI ProPack 3.0; SGI ProPack 2.4; Redhat Linux 9.0 i386; Redhat Linux 7.3; LBL tcpdump 3.8.1; LBL tcpdump 3.7.2; LBL tcpdump 3.7.1; LBL tcpdump 3.7; LBL tcpdump 3.6.3; LBL tcpdump 3.6.2; LBL tcpdump 3.5.2; LBL tcpdump 3.5 alpha; LBL tcpdump 3.5; LBL tcpdump 3.4 a6; LBL tcpdump 3.4 |
| Not Vulnerable: | LBL tcpdump 3.8.3; LBL tcpdump 3.8.2 |
Discussion
tcpdump is prone to a remotely exploitable buffer overrun vulnerability.
The issue exists in tcpdump's ISAKMP packet display functions and affects how ISAKMP Delete payloads are handled. It may cause a denial of service or potentially be leveraged to execute arbitrary code.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Mandrake has released an advisory (MDKSA-2004:030) and fixes to address this issue. Mandrake users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying fixes can be found in the referenced advisory.
Trustix has released an advisory that includes updates for this issue.
Debian has released advisory DSA 478-1 and fixes dealing with this issue.
OpenPKG has provided advisory SA-2004.010 and an update dealing with this issue.
Slackware has released advisory SSA:2004-108-01 to provide fixes for this issue. Please see the attached advisory for details on obtaining and applying fixes.
Red Hat has released advisory FEDORA-2004-120 to provide fixes for Fedora. Please see the attached advisory for details on obtaining and applying fixes.
Red Hat has released advisory RHSA-2004:219-07 and fixes to address this and other issues on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see the referenced advisory for additional information.
This issue is addressed in tcpdump 3.8.3.
Turbolinux has released advisory TLSA-2004-16 to provide fixes for this issue. Please see the attached advisory for details on obtaining and applying fixes.
SGI has released an advisory (20040603-01-U) to address this and other issues in SGI ProPack 3. Please see the referenced advisory for more information.
SGI has released an advisory (20040602-01-U) to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information.
The Fedora Legacy project has released advisory FLSA:1468 along with fixes to address this and other issues. Please see the referenced advisory for further information.
SGI ProPack 2.4
- SGI patch10079.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch10079.tar.gz
SGI ProPack 3.0
- SGI patch10080.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/3/patch10080.tar.gz
LBL tcpdump 3.4 a6
- LBL tcpdump-3.8.3.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.8.3.tar.gz
LBL tcpdump 3.4
- LBL tcpdump-3.8.3.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.8.3.tar.gz
LBL tcpdump 3.5 alpha
- LBL tcpdump-3.8.3.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.8.3.tar.gz
LBL tcpdump 3.5
- LBL tcpdump-3.8.3.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.8.3.tar.gz
LBL tcpdump 3.5.2
- LBL tcpdump-3.8.3.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.8.3.tar.gz
LBL tcpdump 3.6.2
- Debian tcpdump_3.6.2-2.8_alpha.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_alpha.deb
- Debian tcpdump_3.6.2-2.8_arm.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_arm.deb
- Debian tcpdump_3.6.2-2.8_hppa.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_hppa.deb
- Debian tcpdump_3.6.2-2.8_i386.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_i386.deb
- Debian tcpdump_3.6.2-2.8_ia64.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_ia64.deb
- Debian tcpdump_3.6.2-2.8_m68k.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_m68k.deb
- Debian tcpdump_3.6.2-2.8_mips.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_mips.deb
- Debian tcpdump_3.6.2-2.8_mipsel.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_mipsel.deb
- Debian tcpdump_3.6.2-2.8_powerpc.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_powerpc.deb
- Debian tcpdump_3.6.2-2.8_s390.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_s390.deb
- Debian tcpdump_3.6.2-2.8_sparc.deb
  http://security.debian.org/pool/updates/main/t/tcpdump/tcpdump_3.6.2-2.8_sparc.deb
- LBL tcpdump-3.8.3.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.8.3.tar.gz
LBL tcpdump 3.6.3
- LBL tcpdump-3.8.3.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.8.3.tar.gz
- RedHat arpwatch-2.1a11-17.7.3.6.legacy.i386.rpm
  Red Hat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/arpwatch-2.1a11-17.7.3.6.legacy.i386.rpm
- RedHat libpcap-0.6.2-17.7.3.6.legacy.i386.rpm
  Red Hat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/libpcap-0.6.2-17.7.3.6.legacy.i386.rpm
- RedHat tcpdump-3.6.3-17.7.3.6.legacy.i386.rpm
  Red Hat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/tcpdump-3.6.3-17.7.3.6.legacy.i386.rpm
LBL tcpdump 3.7
- LBL tcpdump-3.8.3.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.8.3.tar.gz
LBL tcpdump 3.7.1
- LBL tcpdump-3.8.3.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.8.3.tar.gz
- Slackware tcpdump-3.8.3-i386-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/tcpdump-3.8.3-i386-1.tgz
- Slackware tcpdump-3.8.3-i386-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/tcpdump-3.8.3-i386-1.tgz
LBL tcpdump 3.7.2
- LBL tcpdump-3.8.3.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.8.3.tar.gz
- Mandrake tcpdump-3.7.2-2.2.91mdk.i586.rpm
  Mandrake Linux 9.1
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake tcpdump-3.7.2-2.2.91mdk.ppc.rpm
  Mandrake Linux 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake tcpdump-3.7.2-2.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake tcpdump-3.7.2-2.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake tcpdump-3.7.2-2.2.C21mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake tcpdump-3.7.2-2.2.C21mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/X86_64
  http://www.mandrakesecure.net/en/ftp.php
- Mandrake tcpdump-3.7.2-2.2.M82mdk.i586.rpm
  Mandrake Multi Network Firewall 8.2
  http://www.mandrakesecure.net/en/ftp.php
- RedHat arpwatch-2.1a11-7.9.3.legacy.i386.rpm
  Red Hat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/arpwatch-2.1a11-7.9.3.legacy.i386.rpm
- RedHat libpcap-0.7.2-7.9.3.legacy.i386.rpm
  Red Hat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/libpcap-0.7.2-7.9.3.legacy.i386.rpm
- RedHat tcpdump-3.7.2-7.9.3.legacy.i386.rpm
  Red Hat Linux 9
  http://download.fedoralegacy.org/redhat/9/updates/i386/tcpdump-3.7.2-7.9.3.legacy.i386.rpm
- Slackware tcpdump-3.8.3-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/tcpdump-3.8.3-i486-1.tgz
- Trustix libpcap-0.8.2-1tr.i586.rpm
  ftp://ftp.trustix.org/pub/trustix/updates/1.5/rpms/libpcap-0.8.2-1tr.i586.rpm
- Trustix libpcap-0.8.2-1tr.i586.rpm
  ftp://ftp.trustix.org/pub/trustix/updates/2.0/rpms/libpcap-0.8.2-1tr.i586.rpm
- Trustix tcpdump-3.8.2-1tr.i586.rpm
  ftp://ftp.trustix.org/pub/trustix/updates/1.5/rpms/tcpdump-3.8.2-1tr.i586.rpm
- Trustix tcpdump-3.8.2-1tr.i586.rpm
  ftp://ftp.trustix.org/pub/trustix/updates/2.0/rpms/tcpdump-3.8.2-1tr.i586.rpm
LBL tcpdump 3.8.1
- LBL tcpdump-3.8.3.tar.gz
  http://www.tcpdump.org/release/tcpdump-3.8.3.tar.gz
- Mandrake tcpdump-3.8.1-1.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php
- OpenPKG tcpdump-3.8.1-2.0.1.src.rpm
  ftp://ftp.openpkg.org/release/2.0/UPD/tcpdump-3.8.1-2.0.1.src.rpm
- Trustix libpcap-0.8.2-2tr.i586.rpm
  ftp://ftp.trustix.org/pub/trustix/updates/2.1/rpms/libpcap-0.8.2-2tr.i586.rpm
- Trustix tcpdump-3.8.2-2tr.i586.rpm
  ftp://ftp.trustix.org/pub/trustix/updates/2.1/rpms/tcpdump-3.8.2-2tr.i586.rpm